[00:50.110 --> 00:57.650]  Welcome! Welcome to the DEF CON 28 safe mode. And this is the lounge of Voting Machine Hacking
[00:57.650 --> 01:05.330]  Village at DEF CON. This is the fourth time we are at DEF CON and this has been... every year
[01:05.330 --> 01:10.350]  it is a hassle to get everything running. This year we have been doing something we have never
[01:10.350 --> 01:16.570]  done before. Trying to go virtual in just a few months time. It has been a tremendous
[01:16.570 --> 01:22.190]  amount of work and so many people have been helping us to get this done.
[01:22.650 --> 01:30.270]  We are here in Quantico and at Quantico Cyber Hub, Voting Village, along with ICS Village and a
[01:30.270 --> 01:35.550]  couple of other villages. We are operating our back end from the same central location so that
[01:35.550 --> 01:42.150]  we can help each other and support each other through this whole exercise. It's very nice,
[01:42.150 --> 01:48.110]  to be back in DEF CON. This is really a weird experience because we are not meeting in a
[01:48.110 --> 01:54.330]  meet space instead of in a virtual space. I certainly hope next year we will be able to
[01:54.330 --> 02:01.450]  again have our controversies, have our disagreements and our wonderful fears over
[02:01.450 --> 02:08.010]  physical space and do it that way. Before I start to introduce what this year is going to bring,
[02:08.010 --> 02:14.650]  let me first of all thank Mary Hamlin. She is behind the scenes helping to organize this whole
[02:14.650 --> 02:21.290]  thing. My two co-organizers will have a little bit of word. Unfortunately, I will need to speak
[02:21.290 --> 02:28.090]  on behalf of one of the co-organizers because he is home and unfortunately so ill that he
[02:28.090 --> 02:35.690]  felt that coming to video call is too much a hassle at the moment. But let's start from Maggie
[02:35.990 --> 02:41.350]  a member of MacAlpha and one of the co-organizers. Maggie, if you want to give a word.
[02:42.490 --> 02:46.450]  Yeah, thank you all so much for joining us. This is obviously a really crazy year, but
[02:46.450 --> 02:51.170]  maybe it's going to be a really good year. It's really interesting to see what DEF CON virtual is
[02:51.170 --> 02:56.310]  like. Obviously, this is a very important year from election perspective. You may have heard there's
[02:56.310 --> 03:01.190]  going to be an election later this year. So we hope that you will find our talks interesting
[03:01.190 --> 03:07.110]  and engaging and we hope they will make you want to vote even harder than ever. That is definitely
[03:07.110 --> 03:12.030]  going to be really important this year. So thank you so much for joining us. Please have patience
[03:12.030 --> 03:16.830]  as we build this airplane in the sky. We think we've got a really great lineup for you and we're
[03:16.830 --> 03:21.310]  just we're just really excited to have been able to meet you virtually this year and to just in
[03:21.310 --> 03:26.590]  general be able to share what we can of the voting village with you. And I'll turn it over to Dan.
[03:26.590 --> 03:33.790]  Well, the next person to be introduced is Dan Weber. Previous years we have been really running
[03:33.790 --> 03:40.210]  this mostly out of our own pocket and we haven't had a non-profit of our own to support our
[03:40.210 --> 03:46.250]  operation. This year it changed. We have finally completed incorporation of non-profits supporting
[03:46.250 --> 03:51.430]  the Voting Village Election Index Foundation. Dan Weber is a co-organizer of the Voting Village
[03:51.430 --> 03:57.810]  and also the CEO of our non-profit Election Index Foundation. Dan. Thank you, Laurie. Hey,
[03:57.810 --> 04:03.610]  guys. It's a pleasure and honor to be here and talk to you guys today. You know, it's really
[04:03.610 --> 04:08.570]  important this year from Election Integrity, not that it's more important any other year,
[04:08.570 --> 04:12.410]  but with everything going on in the world and such, you know, there's just a heightened
[04:13.310 --> 04:20.450]  sensitivity as well as a need to get out there and to volunteer, be part of the process. You know,
[04:20.450 --> 04:24.450]  if you can get people out to vote, that's great. If you can go and become a poll worker,
[04:24.450 --> 04:29.450]  that's even more important because, you know, with the aging population and folks and that,
[04:29.450 --> 04:34.370]  they're just not able to come out. And so, you know, get out there and volunteer for it. You
[04:34.370 --> 04:42.270]  know, we're very privileged. HBO, if you probably have seen it, is not go to at Voting Village DC
[04:42.270 --> 04:47.870]  and that you'll find the link. They've opened up the movie Kill Chain, of which both Hari and
[04:47.870 --> 04:55.130]  Maggie are part of and such, for a free viewing for all of DEF CON. So until Sunday night, 1159,
[04:55.650 --> 04:59.590]  you know what I'm saying, p.m., they've allowed us to go out and do that. You know, visit us
[04:59.590 --> 05:05.390]  at Election Integ, which is a Twitter hashtag for it and such, and be part of it. You know,
[05:05.390 --> 05:11.870]  part of our goal and mission is to continue to do these Voting Villages, to do education,
[05:11.870 --> 05:17.510]  get out there and teach folks about, you know, cyber security around the election and participate
[05:17.510 --> 05:23.490]  with other communities and such that are out there. And so, we really appreciate the support
[05:23.490 --> 05:29.370]  and you bearing with us this year as, you know, we've gone into safe mode with DEF CON here at
[05:29.370 --> 05:37.850]  the Voting Village. Thanks so much, guys. Hari? Yeah. So, as we are now official
[05:38.910 --> 05:46.390]  non-profit, we also are doing a little fundraising by selling swag. There's a link in our Discord
[05:47.210 --> 05:53.270]  where you can choose which kind of swag you might want to buy if you want to support our
[05:53.270 --> 05:59.870]  ongoing effort to educate people on cyber warfare and cyber security on election and election
[05:59.870 --> 06:05.230]  security on whole outside of cyber, because we're talking a lot about election security measurements
[06:05.230 --> 06:10.310]  and educating which are in the physical space instead of cyber space. And a huge shout out to
[06:10.310 --> 06:14.530]  Mara Williams for doing our art this year. It's really incredible, really beautiful stuff.
[06:15.830 --> 06:22.090]  And last but not least, I mean, the movie which I mentioned, it was filmed three years
[06:22.090 --> 06:28.830]  at DEF CON. So, you see a lot of familiar faces from Dark Tangents to Dr. Mouse in the movie. So,
[06:28.830 --> 06:35.930]  I hope you join in for us. And now, unfortunately, Matt Blaze, one of the co-founders and co-organizers
[06:35.930 --> 06:43.290]  that he is, he's very excited. We have worked very hard for this. He has been having a
[06:44.710 --> 06:52.910]  undespecified, hopefully not corona, and he is home in condition that he... I spoke with him
[06:52.910 --> 06:58.190]  just before this, and he wanted me to express how excited he is and how he's regretting that
[06:58.190 --> 07:04.910]  at this point of time, he didn't feel that doing a video call would be possible because of
[07:05.470 --> 07:11.610]  how ill he is. So, we certainly hope a speedy recovery and that everything turns out the best
[07:11.610 --> 07:17.250]  possible way. And we truly miss that he's not here with us because Matt has always been,
[07:17.250 --> 07:22.470]  not only for our village, but DEF CON and all the other conferences, such a huge amount of
[07:22.470 --> 07:27.650]  energy and encouragement and guidance, how to get these things done.
[07:28.630 --> 07:34.870]  So, this year, because it's election year, and this is an election year, not only in the United
[07:34.870 --> 07:40.170]  States of America, but in a number of other countries. So, we are so focused in the
[07:40.790 --> 07:45.810]  everything dominating cycle about US elections that we forgot there are a number of other
[07:45.810 --> 07:56.510]  important democracies who are equally having a shed water election this year, still this year.
[07:56.510 --> 08:02.550]  So, let's keep in mind, we are all in this together as a democracy. We all are facing
[08:02.550 --> 08:09.490]  similar challenges. We all have similar kind of attacks against our systems and our governance.
[08:09.490 --> 10:15.800]  So, whatever we have to do, we will have a few talks about that, but more about that later.
[10:15.800 --> 10:23.200]  First of all, I would like to introduce a follow-up of our last year started Unhack the
[10:23.200 --> 10:28.300]  Ballot initiative. Unhack the Ballot, which we started last year, was never intended to be a
[10:28.300 --> 10:37.480]  run-off. It was ongoing, and the concept in its heart is to provide election officials,
[10:37.480 --> 10:44.900]  local election officials, who are under-resourced and have limited access to knowledge and expertise,
[10:44.900 --> 10:51.320]  access to the local area, willingly patriotic wherever they are, hackers and security researchers
[10:51.320 --> 10:58.280]  who can provide them information, guidance, advice, valuation of what they have been proposed.
[10:58.300 --> 11:04.100]  So, we started that last year. Because 2020 is such an important election year for the U.S.,
[11:04.100 --> 11:11.480]  and we are facing a unique set of problems, we were not preparing the coronavirus. We have to,
[11:11.480 --> 11:18.480]  right now, a lot of things have to be changed and implemented from practices from another state,
[11:18.480 --> 11:22.560]  have to be implemented over the board, see how that fits to the local laws and practices.
[11:22.560 --> 11:31.120]  We started an initiative called CyberSearch. CyberSearch, this year, is starting right now
[11:31.120 --> 11:38.300]  and ending up the election. This is a one-off initiative and project, making that Unhack the
[11:38.300 --> 11:46.520]  Ballot as efficient as possible for this election year. We have been calling volunteers, and we
[11:46.520 --> 11:54.400]  have in the Discord channels for the CyberSearch, both in text and in video. We have been calling
[11:54.400 --> 12:01.160]  volunteers who want to help their local election officials, and we have obviously offered also
[12:01.160 --> 12:06.960]  the local election officials who need to have help, to identify themselves and tell us what they
[12:06.960 --> 12:15.460]  think would be the best resources they would need to have, or want to have. Bearing in mind that
[12:15.460 --> 12:20.760]  sometimes they don't even know, unfortunately, exactly what they need. But that's part of the
[12:20.760 --> 12:28.580]  learning experience. We have in our head a false image. We think that there is an election office,
[12:28.580 --> 12:34.060]  and the election office has an IT department, and the IT department has a secretary of practice.
[12:34.440 --> 12:39.080]  That is very much not true with most of the United States, and most of the world actually,
[12:39.080 --> 12:47.640]  especially not most of the U.S. There is an election office, and they might have one or two
[12:47.640 --> 12:55.420]  IT people part-time, and volunteers. No secretary of practice whatsoever. Security, if it's existing,
[12:55.420 --> 13:00.860]  is outsourced. It comes from organizations who are volunteering help, like Department of Homeland
[13:00.860 --> 13:06.660]  Security, or volunteers and companies who are selling them services, but they really don't have
[13:06.660 --> 13:16.000]  expertise. And if you look, since help America, new technology has been pouring in, you really
[13:16.000 --> 13:21.040]  just have an IT department who happens to do elections, and not the other way around. So
[13:21.040 --> 13:28.100]  local election officials need help, and they don't have funds, they don't have resources,
[13:28.100 --> 13:34.560]  they don't have access to the expertise. So we are here to help and make sure that any way we can,
[13:34.560 --> 13:40.080]  we will pair knowledge to the people who need to have the knowledge. And local election officials,
[13:40.080 --> 13:45.980]  they're working really hard. They're good people. They are in an impossible situation.
[13:46.260 --> 13:54.180]  Impossible situation because of the asymmetric nature of cyber war. Every other war we've fought,
[13:54.180 --> 14:00.920]  land, sea, underwater, air, space, are natural domains with natural laws of physics. Cyber is a
[14:00.920 --> 14:12.020]  domain. Inherently asymmetric. And in that environment, they are fighting a war. If you,
[14:12.020 --> 14:17.740]  if a foreign nation would have a land invasion with the tanks coming to the U.S., you wouldn't
[14:17.740 --> 14:23.000]  ask the local sheriff, please stop them. In reality, that's what happens in local election
[14:23.000 --> 14:28.880]  officials. They are the last and only line of defense, massively out-of-pocket, and they are
[14:28.880 --> 14:36.640]  dealing with the nation-state highly-motivated attacks. So please join us in that initiative
[14:37.580 --> 14:45.320]  in Discord. Also, please join us in the Election Industry Foundation and tell what the Election
[14:45.320 --> 14:52.260]  Industry Foundation can do to help you, especially when we move to education, etc. Please join us
[14:52.260 --> 14:59.940]  with the Kilcheng movie on the movie night. Speaker track will start right after this talk.
[15:00.460 --> 15:06.860]  And speaker track this year, because we are virtual, we have turned this to be a little bit
[15:06.860 --> 15:12.640]  different tone than last year's. Last year's, because we, after the talks, we have been able
[15:12.640 --> 15:19.060]  to have a debate on the hallways and the room, and you can get feedback. There's a lot of
[15:19.060 --> 15:24.520]  opportunities. We don't have that this year. The speakers have no way of knowing whether the talk
[15:24.520 --> 15:31.660]  was well-received or not at the time the talk is over or immediately after that, because there's
[15:31.660 --> 15:40.100]  this one-way street right now in most cases. So we are here to help you. So this year, we have been
[15:40.100 --> 15:48.660]  deliberately inviting speakers who are proposing or asking comments for ideas, which has been
[15:49.220 --> 15:54.320]  partially rejected by security companies, controversial speakers who come with a package
[15:55.240 --> 16:04.880]  and are wanting to have a feedback or are offering a dataset for research. So what we want to do,
[16:04.880 --> 16:10.680]  we invite, the same way as in DEF CON, we are going to compile, normally at DEF CON, we are compiling
[16:10.680 --> 16:16.880]  annual report. And in this year, the annual report will have a bigger section about the speaker track
[16:16.880 --> 16:25.300]  talks than normally is. We are inviting feedback in short form or long form, with your name to be
[16:25.300 --> 16:32.400]  quoted, with your handle only, or completely anonymous. Feedback, comments, short form,
[16:32.400 --> 16:39.660]  long form, for all the talks. And from those, we will compile into the annual report for the
[16:39.660 --> 16:45.980]  speakers, for the community at large, what were the guidance, what were the thoughts from the
[16:45.980 --> 16:54.900]  greater security community around the world, and especially in the US. So we are welcoming that,
[16:54.900 --> 16:59.620]  and this is something which we saw the opportunity because we go to virtual,
[16:59.620 --> 17:04.800]  where we can do something which we wouldn't have been doing when we were in person.
[17:05.720 --> 17:11.560]  Again, since we are doing this this way, this year, as always, but especially this year,
[17:11.560 --> 17:20.500]  being selected as a speaker is not endorsement by us that we are behind the speaker or the ideas.
[17:20.820 --> 17:28.320]  We don't stand in that. Instead, we're saying there's a lot of things that we need to talk about
[17:28.840 --> 17:37.320]  and what we need to be educating each other. So please provide your feedback. In the case
[17:37.320 --> 17:43.620]  there's a research, please provide your research. We have given you all in the documentation,
[17:43.620 --> 17:49.220]  in the speaker track documentation, and our onboarding guide, links how to find everything.
[17:49.220 --> 17:57.480]  And the idea, again, is you can provide the feedback in any mode, long form, short form,
[17:57.480 --> 18:05.240]  anonymous, handle, or name, or background information without quotation at all.
[18:05.240 --> 18:11.300]  We are actually asking if you want to be quoted, even if you are anonymous. So please provide us
[18:11.300 --> 18:17.740]  feedback. We will compile it. And since we don't have the normal physical hacking going that much,
[18:17.740 --> 18:23.340]  the report will be more about that. We also encourage, because people have from last year,
[18:23.920 --> 18:29.700]  all the things and information which you have extracted from the physical devices we have,
[18:29.700 --> 18:35.960]  all that research is hopefully going to resume. And once there's outcomes of those research,
[18:35.960 --> 18:40.300]  we are more than willing, and we are welcoming, and we are almost begging,
[18:40.300 --> 18:49.310]  we send that information, and we will compile it to our annual report. Last but not least,
[18:49.310 --> 18:59.030]  this year, because of the nature of this pandemic, as it were, we are quickly changing
[18:59.030 --> 19:10.130]  the gears. There have been a lot of debate out on the media, a surge of interest. We have all
[19:10.130 --> 19:17.530]  probably been exposed about the controversy over mail-in balloting. There is, again, these ideas
[19:17.530 --> 19:26.110]  about internet voting, or mobile phone voting, or blockchain voting, ideas which are not only rejected
[19:26.110 --> 19:31.350]  by the security community, but also over and over demonstrated in academic papers and theoretical
[19:31.350 --> 19:38.370]  papers, why this is not an implementation issue, this is a fundamental issue, which we don't think
[19:38.370 --> 19:45.330]  there's a solution in the foreseeable future, how these technologies can be implemented.
[19:45.330 --> 19:51.450]  So we have talks which are explaining how you run elections in this environment,
[19:52.230 --> 19:58.990]  mechanically used to increase the trust, one of those being a paper last week published about
[19:58.990 --> 20:06.930]  how the ballot-marking devices are unauditable, so why that technology, even when it provides a
[20:06.930 --> 20:14.610]  piece of paper, actually is not trustworthy. That would have been a bigger part of the debate if we
[20:14.610 --> 20:21.390]  would be voting more in person, but nevertheless, that is a role in new technology. We will be
[20:21.390 --> 20:29.550]  having talks about tools, how you can check and communicate about your own elections with
[20:29.550 --> 20:35.790]  centralized resources, find out and validate if what you have seen is something which should
[20:35.790 --> 20:42.050]  be further investigated and should be further reported. We are always talking about risk-limiting
[20:42.050 --> 20:49.690]  audits as a method of validating that the outcome of the election has picked up the right winners.
[20:49.690 --> 20:57.170]  Risk-limiting audits is a low-labor mathematical method which allows a huge public participation
[20:57.170 --> 21:03.150]  and transparency. The method is about proving that the election outcome is right, not that
[21:03.150 --> 21:09.110]  every single last vote is counted accurately, because that never happens really, and it doesn't
[21:09.110 --> 21:15.530]  matter if the election is still proven to have right results. And as always, we are going to
[21:15.530 --> 21:23.030]  have conversations about what are all the ways we can do to improve and get this better.
[21:24.210 --> 21:33.810]  So, we have the channels open. I hope, since I'm on the podium, I can pretend 20 minutes ago.
[21:35.010 --> 21:44.350]  We have channels there to ask staff. We are here to help. We can make changes if you have an idea,
[21:44.350 --> 21:52.010]  if you have a project which you want to quickly introduce to other people. We do have a video
[21:52.010 --> 21:59.750]  and voice channels. Contact staff saying, I would like to make a mini-talk, and I have this research
[21:59.750 --> 22:06.970]  project, I have these results, I have this image file I want to look at. Whatever it is you want to
[22:06.970 --> 22:16.310]  do. Ask us, can we do this? Please send us a note. We will figure out the time slot. We will put you
[22:16.310 --> 22:21.690]  into one of the video channels, and we will make announcement on the announcement channel that this
[22:21.690 --> 22:28.310]  new activity is going to be in it. Whatever we can do to help make this more enjoyable for you,
[22:28.310 --> 22:35.990]  make more... leverage your knowledge, make this to be better experience, more educating experience,
[22:35.990 --> 22:39.770]  let us know. Whatever we can do, we are here to help.
[22:42.750 --> 22:47.710]  And again, this is... no one of us has been here before.
[22:49.130 --> 22:52.130]  One thing I can guarantee, this is not going to be a smooth ride.
[22:53.570 --> 22:59.690]  So, bear with us and forgive us in the head that there will be glitches, there will be
[22:59.690 --> 23:06.590]  something going wrong, and if you see something, say something, same as every year. Let us know
[23:06.590 --> 23:12.210]  what went wrong immediately, so that we can try to fix it as it happens. We have a back... hold
[23:12.210 --> 23:20.050]  back infrastructure, enabling us to, in a quite speedy manner, to address a lot of technical
[23:20.050 --> 23:26.190]  issues and address a lot of things which you might come up with. And of course, you know,
[23:26.190 --> 23:32.970]  you have new ideas. So, be active with us, because we want to be active with you,
[23:32.970 --> 23:39.070]  and we are here to help. Without further ado, I probably forgot something I shouldn't say,
[23:39.070 --> 23:44.750]  but without further ado, I hope you have a safe, and you stay safe, you have a safe
[23:45.570 --> 23:48.710]  2028, safe month. Thank you.
